The latest Cybersecurity Threat Advisory highlights the new false advertisement for Amazon through Google search engine. The advertisement redirects users to a Microsoft Defender support scam that locks up their browser. Barracuda MSP recommends avoiding clicking on any “Sponsored” result links on Google searches for Amazon.
What is the threat?
The false advertisement for Amazon can be found on Google search engine when searching for Amazon. At first glance, it appears to be legitimate, using the valid Amazon web URL and information as the first result at the top of the page. Clicking on this “Sponsored” result redirects users to a technical support scam, claiming to be a Microsoft Defender alert stating that your device is affected by the ads(exe).finacetrack(2).dll malware. The alert also prompts the user to call Windows Support immediately and provide a phone number to the scammers. Once the page opens, it goes into full-screen mode, making it difficult for the user to close the page without ending the Chrome process. This deliberate set up ensures that when the user restores the closed page on relaunch, it will re-open the technical support scam.
Why is it noteworthy?
Google search engine is widely used by consumers worldwide. Users often click the top results, which are ‘Sponsored’ results. Currently, those who are searching for Amazon are at risk of being a victim by scammers. A similar scam was seen last year through YouTube ads where it displays a website’s legitimate URL but leads to the scam website.
What is the exposure or risk?
The fake Amazon advertisement can lead to severe impact on end users, both from a financial and reputational standpoint. Tech support scams using social engineering techniques to gain access to victims’ computer can allow scammers to install malware, steal personal information, and/or install remote access software for persistence into the victim’s device.
What are the recommendations?
Barracuda MSP recommends the following actions to limit the impact of false Amazon advertisement:
- Avoid clicking on the first “Sponsored” search result for Amazon or other popular services.
- Visit websites by their Fully Qualified Domain Name (FQDN). For this example: Amazon.com.
References
For more in-depth information about the recommendations, please visit the following links:
- https://www.bleepingcomputer.com/news/security/sneaky-amazon-google-ad-leads-to-microsoft-support-scam/
- https://attack.mitre.org/techniques/T1021/001/#:~:text=APT3%20enables%20the%20Remote%20Desktop,copy%20files%20through%20RDP%20sessions.&text=APT39%20has%20been%20seen%20using,for%20mangement%20of%20multiple%20sessions.
- https://www.bleepingcomputer.com/news/security/convincing-youtube-google-ads-lead-to-windows-support-scams/
- https://www.networksolutions.com/blog/establish/domains/what-is-a-fully-qualified-domain-name—fqdn–#:~:text=The%20following%20is%20an%20example,as%20the%20%E2%80%9Ctrailing%20period.%E2%80%9D
If you have any questions about this Cybersecurity Threat Advisory, please contact our Security Operations Center.
